[Date Prev][Date Next]
(ITS#4449) incorrect bound check in connection_next()?
Full_Name: Pierangelo Masarati
Submission from: (NULL) (188.8.131.52)
Submitted by: ando
I suspect there's an incorrect bound check in connection_next(), where *index
upper value is tested for < MCA_ARRAY_SIZE instead of <= dtblsize.
The patch below seems to address the issue, but I'd prefer a comment from
someone that's more familiar with that portion of code.
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/connection.c,v
retrieving revision 1.350
diff -u -r1.350 connection.c
--- servers/slapd/connection.c 8 Mar 2006 04:54:10 -0000 1.350
+++ servers/slapd/connection.c 25 Mar 2006 00:10:55 -0000
@@ -1075,7 +1075,7 @@
assert( connections != NULL );
assert( index != NULL );
- assert( *index >= 0 && *index < MCA_ARRAY_SIZE );
+ assert( *index >= 0 && *index <= dtblsize );
if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex );